New permission for annotating items

[Nicklas Nordborg]

Currently WRITE permission is required on an item to be able to modify any properties and annotations. It would be nice to be able to separate the editing of regular properties from editing annotations. Introducing a new permission level, ANNOTATE, might be a possible solution. The new permission should sit between READ and WRITE (USE is already here but they should be independent).

A user with ANNOTATE permission would then be able to modify annotations but not regular properties. It would also be possible to control which annotations the user can modify and which should be read-only by setting permissions on the annotation type (requires that #2033 is fixed so that the annotation type permission is checked).

After thinking a bit about this I think we should be able to re-use the existing RESTRICTED_WRITE permission. It is a hidden permission that is only used for User items so that a user may change some parts of their own data (such as password, email, etc) but not quota, group or role membership (which require full WRITE permission).

The RESTRICTED_WRITE permission currently implies USE permission but it should be safe to remove that connection since it is not used on user items.

[Nicklas Nordborg]

(In [7211]) References #2034: New permission for annotating items

Decoupled the USE and RESTRICTED_WRITE permission from each other. To avoid unexpected problems with the User item, USE permission is explicitely added.

The AnnotationSet now checks for RESTRICTED_WRITE permission instead of WRITE permission on the parent item. This should be enough for allowing a user to handle annotations on the item.

[Nicklas Nordborg]

(In [7212]) References #2034: New permission for annotating items

The "Share" dialog has been updated with "Annotate" permission. The option is only displayed if sharing items that are annotatable.

We need to modify the Item definitions for all annotatable item types so that the "Permissions" property on the "Properties" tab include the "Annotate" permission. This information is generated by the PermissionUtil class.

[Nicklas Nordborg]

(In [7213]) References #2034: New permission for annotating items

The "Edit annotation" icon in the "Annotations & parameters" tab should be enabled when the logged in user has RESTRICTED_WRITE permission.

The "Save" button in the "Edit annotations" dialog should be enabled if the logged in user has RESTRICTED_WRITE permission.

[Nicklas Nordborg]

(In [7214]) References #2034: New permission for annotating items

Default permissions for a project now supports the "Annotate" permission. Members can be added to a project with "Annotate" permission.

[Nicklas Nordborg]

(In [7215]) References #2034: New permission for annotating items

Added "Annotation" to permission filter used for filtering list pages. Made the list "smarter" by excluding permissions that are not defined for an item.

[Nicklas Nordborg]

(In [7216]) References #2034: New permission for annotating items

The "Annotate" permission can now be assigned to roles.

[Nicklas Nordborg]

(In [7220]) References #2034: New permission for annotating items

The "Annotate" permission can now be assigned to plugins.

[Nicklas Nordborg]

(In [7221]) References #2033 and #2034. Added a note about the changes to the list of update warnings and incompatible changes.

[Nicklas Nordborg]

(In [7222]) References #2034: New permission for annotating items

Updated documentation and screenshots.